- Posted by:
On July 4, 2017, 9:09 p.m.
Every day e-commerce is growing by leaps and bounds, and virtual stores are no stranger to receiving chargebacks for fraudulent transactions that users are claiming for some kind of online fraud they have been exposed to. Therefore, it is necessary to consider what are the positive and negative factors that both banks and online businesses should consider when processing an online purchase transaction.
Nowadays, many banks issue credit cards under the 3-D Secure or Verified by Visa (for the Visa brand), SecureCode (Mastercard) and SafeKey (American Express) security protocols. This protocol avoids CNP (Card No Present) fraud, which aims to reduce scams in virtual stores and give customers security when shopping online.
What does it consist of? Usually, an online payment requires the card number, expiration date, and the 3-digit verification code that appears on the back of the card and is normally requested when making a purchase online. This information can be provided by anyone who holds the card and not necessarily by the owner, but with 3-D Secure protocol, the cardholder will be challenged to provide additional information, as a key that only the owner of the card knows, and which is not hosted on the card.
Thus, a fraudster can obtain the information of the card, but cannot make any purchase in the online stores that use 3-D Secure, since he will not have this secret key. So, it is necessary that both our card and trade are protected by this Protocol.
But what happens when a credit card under the protection of 3-D Secure purchases in a store that does not have the protocol? This is where we should pay close attention because; if a fraud is committed with a card affiliated with VISA, MASTERCARD or any other card brand protection program, it will be the merchant that assumes the chargeback to the customer, since the issuing bank has delivered a card protected under the policies of the brands; Said Luis Gamarra, CEO of Alignet, a company in charge of providing authentication platforms based on the 3-D Secure protocol at the regional level.
Up to now, authentication for issuer banks has left aside the request for the date of birth as a means to verify the identity of the cardholder; Today we can verify the identity of the buyer or the validity of a transaction by Means of different authentication schemes, for example with a dynamic key, via e-mail, SMS, physical Token, Soft
Token APP, etc. The 3-D Secure protocol is still the most appropriate security protocol to authenticate online purchases, while the branding programs allows to validate the participation of a merchant and the identity of the buyer, the card data validation remains on the issuer bank, providing a triple layer of authentication that configures the 3-D Secure protocol; added Luis.
What happens if you don’t join to an Authentication Program? Credit or Debit cards that are not affiliated to a security program are exposed to fraud, not affiliation implies that safe transactions cannot be performed in any merchant, and, if any fraudulent operation is performed, the owner of the Card is the one who assumes the risk of the transaction; That is, if I do not join to an authentication program, and someone purchases online with my card, the probability is that my bank does not recognize responsibility for these purchases, so it is important when requesting or applying for a card Credit or debit card to verify if the Bank is affiliated with the authentication programs of the brands.
But what happens if the bank is not affiliated with any authentication program, but uses an RBA process? Rule Based Authentication (RBA) are programs based on probabilistic algorithms that determine which transactions may pose a high risk to the client, and those that are considered high risk, will be subject to authentication, while those of low risk will be derived to the authorization process. A disadvantage of this model is that the chargebacks that originate are the responsibility of those who are not protected by an authentication program, either the Issuing Bank, the Virtual Commerce or the card owner.
For this reason, it is important to protect our cards with the authentication programs offered by the brands, in order to eliminate online fraud; As a buyer we can demand that the virtual commerce offer the option of secure payments, as well as the issuing bank offer the affiliation to the authentication programs, the executive said.
Share on LinkedIn
Share on Facebook